Posted
by
timothyon Sunday December 05, 2010 @05:21PM
from the always-a-tradeoff dept.

Hugh Pickens writes "Ellen Nakashima writes in the Washington Post that after the intelligence community came under heavy criticism after 9/11 for having failed to share data, officials sought to make it easier for various agencies to share sensitive information giving intelligence analysts wider access to government secrets but WikiLeaks has proved that there's a downside to better information-sharing. To prevent further breaches, the Pentagon has ordered that a feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems and will limit the number of classified systems from which material can be transferred to unclassified systems, as well as require that two people be involved in moving data from classified to unclassified systems. The bottom line is that recent leaks 'have blown a hole' in the framework by which governments guard their secrets. According to British journalist Simon Jenkins 'words on paper can be made secure, electronic archives not.'"

>"To prevent further breaches, the Pentagon has ordered that a feature that allows material to be copied onto thumb drives or other removable devices be disabled on its classified computer systems"

Yeah, like that is really going to make THAT much of a difference. Oh- make sure to remove all printers too, prevent all Email/IRC/IM, cut and paste, CD/DVDRW, etc. I suppose I can't criticize them for trying, but no amount of stuff like that is going to prevent information leaks if someone wants to leak information. It is no different than DRM.

It's not that it is impossible to leak information--that's never a goal--the idea is to increase the difficulty and risk to such a level that it is not worth it for the average employee to attempt to leak whatever mediocre information they have access to and that the employees the skill and access are more loyal and less likely to attempt it. In this way it is different to DRM because there is no inherent risk associated (for most people) as you are not going to lose your job or risk federal/military prison for your actions and thus there is nothing to dissuade you from attempting it.

For the record it is not particularly easy to use a printer to duplicate, say, 250,000 diplomatic cables and walk out with them under your arms. It's not particularly difficult to prevent the average employee from accessing IRC/IM either and the obvious risks attached to e-mail are far too high. The approaches do need to be more sophisticated.

Sorry, citizen, but how we determine what IS and is NOT classified is classified information.

It's fun to be snide, but sometimes the facts get in the way. How the U.S. Govt. determines what should and shouldn't be classified is spelled out in Executive Order 13526, the text of which is not classified.

Sec. 1.4. Classification Categories.
Information shall not be considered for classification unless its unauthorized disclosure could reasonably be expected to cause identifiable or describable damage to the national security in accordance with section 1.2 of this order, and it pertains to one or more of the following:
(a) military plans, weapons systems, or operations;
(b) foreign government information;
(c) intelligence activities (including covert action), intelligence sources or methods, or cryptology;
(d) foreign relations or foreign activities of the United States, including confidential sources;
(e) scientific, technological, or economic matters relating to the national security;
(f) United States Government programs for safeguarding nuclear materials or facilities;
(g) vulnerabilities or capabilities of systems, installations, infrastructures, projects, plans, or protection services relating to the national security; or
(h) the development, production, or use of weapons of mass destruction.

The other problem is that this was already policy in the '90s when I worked in AFSAA in the Pentagon. You were not allowed to copy data to non-classified system without the approval of specific officers who were tasked to examine the data. The data was copied onto a zeroed disk in a clean system, examined directly and in a hex editor. Then, if approved, it was copied for you onto a disk marked unclassified. There were also strict rules about the use of pads of paper (remove the top sheet, put it on a hard surface, write your note; that way you did not leave stray impressions on the pad which might be distributed. In the vaults, they often had pads stamped "SECRET" or "TOP SECRET" to make this less likely.) And there were quite a few applications we used where cut and paste was disabled or limited.

This obviously slowed things down, but that was the whole point. There had been several incidents where people had bypassed the rules and classified data were nearly leaked (the affected unclassified systems had to be scrubbed). Even if you just know that a document contains no classified information, it is quite possible that a file does. Problems were specifically discovered with MS Word files where random data from the system could end up in non-visible portions of the file. Once on an Unclassified system, the classified data might end up in swap space or otherwise be copied to where it should not be and remain after the offending file was wiped. Therefore the entire contaminated system would usually be wiped and reinstalled from a clean image. And, often the offending person would have their career shortened considerably. We dealt with nuclear deployment data and WINTEL (data which could reveal the identity of intelligence sources), so courts martial was always a possibility even, perhaps especially, for inadvertent release.

Personally, I consider release of classified data through idiocy to be a higher offense than doing so on purpose through act-of-conscience. The procedures exist for a reason, and often it is not to make things convenient. Carelessness gets people killed.

About when I stopped doing work there (1997-98) was when they were really going gung ho on the "classified Internet" where classified networks were tunneled over the DoD Unclassified Internet. That made for a lot more mixing of systems and cables which, I think, made it much harder to enforce strict separation. It used to be that there had to be 6' between the Top Secret network cables and the Unclassified network cables (and the cables were color coded). Ostensibly that was to prevent electronic feedback from leaking signals, but I think the real reason was to make absolutely sure the wrong network cable never went to the wrong hub and that someone lost their job if it did. It was absolutely forbidden to patch a classified cable outside of the designated rooms and areas. Classified printers, copiers, and CD burners were usually in designated areas as well. (You were allowed to make Unclassified copies on a Classified copier as long as you ran three blank pages through first to clear any residual images on the drum; you were never allowed to copy Classified data on an Unclassified copier outside the designated areas). Trash, of course, was separated by classification level and classified electronic waste (e.g. bad hard drives) were destroyed. Some manufacturers insisted that we return bad drives for warranty replacement, which was fine, as long as they understood that the platters would be physically destroyed first.

In any case, I am not surprised at this rule as much as surprised that it was allowed to lapse. You cannot 100% prevent leaks of data, but you at least want to make sure it is deliberate, that people are aware of what they are doing and of what the consequences will be.